Lots of "/?s=" in log files
-
In the last few days I noticed that a number of different IP addresses are frequently hitting my WordPress site at “/?s=” and “/?p=741”. The first URL is obviously related to WordPress’ search facility, but because the search is empty, it just presents the site as if my browser were accessing the root of the site. The second is a valid post I made in May 2010. The “/?s=” hits are significantly more frequent than the “/p=741” hits.
Looking back through my logs it appears as though the hits are coming from numerous IP addresses all over the world, though most of them are from hosting companies that often offer VPS servers or web hosting. In the past the User-Agent strings appeared to be randomized and included numerous versions of different browsers. In the last few days the User-Agent stings seem to be limited to the following two
– “Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:21.0) Gecko/20100101 Firefox/21.0”
– “Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:22.0) Gecko/20100101 Firefox/22.0”Since my site is generally not Mac-related, I started investigating the hits. I am seeing them as far back as March of this year but as I go further and further back in time the hits become less frequent and blend in more and more with the other regular traffic.
I have had a few name-based virtual hosts on this server for quite some time now and the hits are only on one of them (coincidentally the virtual host that is longest running and also on https). Interestingly, it is not the default virtual host.
Does anybody have any idea what this traffic is and whether it may be maliciously intended?
- The topic ‘Lots of "/?s=" in log files’ is closed to new replies.